Apr 14, 2026

Cybersecurity Radar — 2026-04-14

Adobe has patched an actively exploited critical vulnerability in Acrobat Reader (CVE-2026-34621) just one day before today's coverage window, making urgent patching the top priority for organizations. Meanwhile, a Marimo notebook RCE flaw was exploited within 10 hours of public disclosure, highlighting accelerating attacker reaction times — a trend confirmed by Mandiant's M-Trends 2026 report showing adversary hand-off times have collapsed to just 22 seconds. The U.S. public sector faces mounting pressure as AI lowers barriers to sophisticated nation-state attacks, per Trend Micro's Q1 2026 intelligence report.

7 min read/15 sources

Apr 13, 2026

Cybersecurity Radar — 2026-04-13

A critical unauthenticated remote code execution flaw in the Python notebook tool Marimo (CVE-2026-39987, CVSS 9.3) was weaponized within 10 hours of public disclosure, underscoring the shrinking window between vulnerability publication and active exploitation. Simultaneously, a previously undocumented phishing-as-a-service (PhaaS) platform dubbed "VENOM" has been identified targeting C-suite executive credentials across multiple industries. The U.S. public sector is under intensifying pressure, with Trend Micro reporting that AI is lowering barriers for sophisticated nation-state attacks while rapidly expanding the attack surface.

6 min read/15 sources

Apr 12, 2026

Cybersecurity Radar — 2026-04-12

A critical pre-authenticated remote code execution flaw in the Marimo Python notebook framework (CVE-2026-39987, CVSS 9.3) was actively exploited within just 10 hours of public disclosure, underscoring the razor-thin window organizations have to patch high-severity vulnerabilities. Meanwhile, the unpatched Windows local privilege escalation zero-day "BlueHammer" remains weaponizable with publicly available exploit code, and the FBI's 2025 Internet Crime Report confirms U.S. cybercrime losses reached a record $21 billion.

6 min read/15 sources

Apr 11, 2026

Cybersecurity Radar — 2026-04-11

A leaked proof-of-concept exploit for the unpatched Windows "BlueHammer" local privilege escalation vulnerability is now publicly available, dramatically lowering the barrier for attackers. Simultaneously, Snowflake customers are facing active data theft attacks following a breach at a third-party SaaS integration provider, with over a dozen companies confirmed affected. China-linked threat actors are also accelerating zero-day exploitation windows, according to fresh Microsoft intelligence, compressing the time organizations have to patch before attacks begin.

7 min read/15 sources

Apr 9, 2026

Cybersecurity Radar — 2026-04-09

A hospital in Brockton, Massachusetts entered its third day of electronic system outages following a cyberattack, while agencies issued urgent warnings about an Iranian-affiliated APT actively disrupting internet-connected PLCs across U.S. critical infrastructure sectors. These incidents arrive alongside a newly leaked Windows zero-day exploit and continued active exploitation of a critical Fortinet FortiClient EMS flaw — making this a high-tempo 72 hours across the threat landscape.

7 min read/15 sources

Apr 8, 2026

Cybersecurity Radar — 2026-04-08

A leaked, unpatched Windows zero-day exploit dubbed "BlueHammer" is now publicly available, enabling attackers to gain SYSTEM-level privileges with no patch from Microsoft yet in sight. Meanwhile, Fortinet's FortiClient EMS remains under active exploitation via CVE-2026-35616, with only a hotfix available as a full patch is still pending. The Microsoft-tracked threat actor Storm-1175 is escalating ransomware attacks against healthcare and services organizations across the US, UK, and Australia.

6 min read/15 sources

Apr 7, 2026

Cybersecurity Radar — 2026-04-07

A critical zero-day in Fortinet FortiClient EMS (CVE-2026-35616, CVSS 9.1) remains under active exploitation with a full patch still pending, drawing urgent advisories from multiple security firms including Tenable and CyberScoop within the last 24 hours. Meanwhile, the weekly vulnerability digest covering March 30–April 5 logged 1,361 newly identified flaws — 129 rated critical — with AI pipeline attacks emerging as a new priority. North Korean threat actors were also confirmed targeting the open-source Axios HTTP client ecosystem via social engineering, per a developer post-mortem published this week.

7 min read/15 sources

Apr 6, 2026

Cybersecurity Radar — 2026-04-06

Fortinet has patched a critical privilege escalation vulnerability in FortiClient EMS (CVE-2026-35616, CVSS 9.1) that has been actively exploited since March 31, 2026 — making it the most urgent action item for enterprise security teams today. Simultaneously, Apple has expanded its iOS 18.7.7 update rollout to block the DarkSword exploit, while BlackFog's March 2026 ransomware report reveals the evolving threat landscape heading into Q2.

7 min read/15 sources

Apr 5, 2026

Cybersecurity Radar — 2026-04-05

A $285 million heist from Solana-based DEX Drift on April 1 headlines today's cybersecurity landscape, while CISA's addition of the Chrome zero-day CVE-2026-5281 to its Known Exploited Vulnerabilities catalog keeps pressure on browser update compliance. Cisco has also patched critical and high-severity flaws capable of authentication bypass and remote code execution, and the supply chain threat group TeamPCP has pivoted from credential harvesting to ransomware monetization — raising the stakes for enterprise defenders.

6 min read/15 sources

Apr 4, 2026

Cybersecurity Radar — 2026-04-04

March 2026 closed as the most active month for ransomware yet, with 780 confirmed attacks — a 13% spike over February — even as nation-state actors quietly intensify pressure on critical infrastructure. Hackers are actively exploiting CVE-2025-55182 in Next.js to breach hosts at scale and steal credentials, while Cisco has patched critical authentication-bypass flaws affecting multiple products. Meanwhile, stolen credentials continue to fuel both financially motivated and nation-state intrusions across every sector.

6 min read/15 sources

Apr 3, 2026

Cybersecurity Radar — 2026-04-03

Google's fourth Chrome zero-day of 2026 — CVE-2026-5281 — is under active exploitation in the wild, with CISA adding it to the Known Exploited Vulnerabilities catalog on April 1st and urging all users to update immediately. Separately, over 14,000 F5 BIG-IP APM instances have been found exposed online amid ongoing attacks exploiting a critical RCE vulnerability. These developments arrive as nation-state actors continue to intensify campaigns against critical infrastructure globally.

7 min read/15 sources

Apr 2, 2026

Cybersecurity Radar — 2026-04-02

Google has released an emergency patch for Chrome's fourth zero-day of 2026, CVE-2026-5281, a critical flaw in the Dawn graphics engine already being actively exploited in the wild. Simultaneously, CISA ordered federal agencies to patch Citrix NetScaler appliances against an actively exploited vulnerability by a firm deadline. A newly disclosed critical vulnerability in Nginx UI (CVSS 9.8) has a public proof-of-concept exploit available with no official patch yet released.

6 min read/15 sources

Apr 1, 2026

Cybersecurity Radar — 2026-04-01

A critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) has come under active exploitation as of March 27, with CISA ordering federal agencies to patch by Thursday. Separately, a TrueConf zero-day (CVE-2026-3502) is being actively exploited to deploy Havoc malware against Southeast Asian government networks. New ransomware data covering March 2025–March 2026 reveals 7,655 claims across 129 threat groups — with industry and policy responses accelerating in parallel.

7 min read/15 sources

Mar 31, 2026

Cybersecurity Radar — 2026-03-31

A critical reconnaissance campaign targeting Citrix NetScaler ADC and Gateway (CVE-2026-3055, CVSS 9.3) is actively underway, with multiple security firms confirming live exploitation attempts. Meanwhile, the European Commission confirmed a significant data breach after its Europa.eu platform was compromised by the ShinyHunters extortion gang. The Waterfall Threat Report 2026 warns that a slowdown in raw ransomware numbers masks a deeper, more dangerous shift: nation-state actors are increasingly targeting critical infrastructure with precision attacks.

7 min read/15 sources

Mar 30, 2026

Cybersecurity Radar — 2026-03-30

A reclassified F5 BIG-IP vulnerability has been confirmed exploited in the wild after new March 2026 intelligence elevated its severity to remote code execution, making it the most urgent patching priority today. Simultaneously, CISA has added the critical Langflow AI framework flaw (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog, and a newly disclosed Telegram zero-click vulnerability carrying a 9.8 CVSS score is igniting global concern for over one billion users. The Waterfall Threat Report 2026, published just three days ago, warns that an apparent ransomware slowdown is masking a deeper and more dangerous pivot toward nation-state attacks on critical infrastructure.

8 min read/15 sources

Mar 29, 2026

Cybersecurity Radar — 2026-03-29

The biggest story of the day centers on Iran-linked cyberattack escalation, with Unit 42 releasing a freshly updated threat brief documenting active phishing, hacktivist DDoS, and cybercrime campaigns tied to Iranian threat actors. Across the broader landscape, a malicious PyPI package targeting developers surfaced on March 27, AFC Ajax confirmed a data breach, and new reporting highlights how ransomware slowdowns are masking a deeper pivot toward nation-state attacks on critical infrastructure.

5 min read/15 sources

Mar 28, 2026

Cybersecurity Radar — 2026-03-28

A wave of significant data breaches hit multiple high-profile organizations in the past 24 hours — including anime platform Crunchyroll, automaker Mazda, and cybersecurity firm HackerOne — while a new China-nexus espionage campaign continues targeting telecom and government networks. Industry analysts are also sounding alarms over a new report revealing enterprise cybersecurity software fails roughly 20% of the time, underscoring mounting concerns about patch management gaps and software reliability.

7 min read/15 sources

Mar 27, 2026

Cybersecurity Radar — 2026-03-27

A newly tracked **GlassWorm campaign** is evolving into a multi-stage data-theft and remote access framework, emerging as the most critical fresh threat this cycle. Simultaneously, CISA added a critical Langflow vulnerability (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog as of March 25, and GitLab disclosed a severe WebAuthn 2FA bypass flaw. A Microsoft Teams vishing campaign and ransomware attack paralyzing a California city underscore the breadth of active threats.

6 min read/15 sources

Mar 26, 2026

Cybersecurity Radar — 2026-03-26

A supply-chain threat actor dubbed TeamPCP has compromised the widely-used Python package **litellm**, injecting credential-harvesting malware and a Kubernetes lateral-movement toolkit into two malicious versions published this week. Meanwhile, new research shows enterprise cybersecurity software fails roughly 20% of the time, and Mandiant's M-Trends 2026 report — released in the past 24 hours — warns that cyberattacks are becoming faster, more coordinated, and increasingly industrialized. F5 Labs also dropped its weekly threat bulletin covering the period ending March 25, 2026.

7 min read/15 sources

Mar 25, 2026

Cybersecurity Radar — 2026-03-25

This week's most critical developments include the emergence of the **DarkSword iOS exploit chain**, a six-vulnerability zero-day kit enabling full device takeover across multiple countries, and the active exploitation of **CVE-2026-20131**, a perfect CVSS 10.0 flaw in Cisco FMC being weaponized by Interlock ransomware. A CISA Emergency Directive is also forcing federal agencies to act immediately on two SD-WAN vulnerabilities. Enterprise threat surfaces continue to expand as ransomware groups accelerate targeting cadence and AI-driven attack vectors mature.

6 min read/15 sources

Cybersecurity Radar

Latest

Cybersecurity Radar — 2026-04-14

Cybersecurity Radar — 2026-04-13

Cybersecurity Radar — 2026-04-12

Cybersecurity Radar — 2026-04-11

Cybersecurity Radar — 2026-04-09

Cybersecurity Radar — 2026-04-08

Cybersecurity Radar — 2026-04-07

Cybersecurity Radar — 2026-04-06

Cybersecurity Radar — 2026-04-05

Cybersecurity Radar — 2026-04-04

Cybersecurity Radar — 2026-04-03

Cybersecurity Radar — 2026-04-02

Cybersecurity Radar — 2026-04-01

Cybersecurity Radar — 2026-03-31

Cybersecurity Radar — 2026-03-30

Cybersecurity Radar — 2026-03-29

Cybersecurity Radar — 2026-03-28

Cybersecurity Radar — 2026-03-27

Cybersecurity Radar — 2026-03-26

Cybersecurity Radar — 2026-03-25

Want your own AI intelligence feed?